| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generally, our host gcc version below 8.0, but cross toolchain in yocto
above 8.0, now 8.3, the option "macro-prefix-map" coming from 8.0, so if
the host gcc below 8.0, it can't unrecognized the option "macro-prefix-map".
In criu source code, the HOSTCFLAGS coming from CFLAGS:
https://github.com/checkpoint-restore/criu/blob/criu-dev/Makefile#L17
In yocto project, the CFLAGS coming from the cross toolchain, containing
the "-fmacro-prefix-map" default, so we should use the BUILD_CFLAGS, it
contains the flags that used for host building.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are multiple different tools/techniques to generate OCI images.
Many of these techniques are part of more complex workflows, or have
many options that are needed as part of a larger system or are needed
to provide flexibility in the tooling (i.e. they construct the
container as well as build the OCI image, or they can push directly
to a registry, etc).
What we want within the build context of bitbake/oe is to not
duplicate work that is done by bitbake, the other image bbclasses
or the runtime part of the ecosystem. This means only the construction
of an image-spec v1.x image without dependencies on build, or execution
of the container within a tool. We'd also like the tool to not pull
in multiple, unused dependencies that must be built native/native-sdk,
etc, to support the simple use case.
The requirements above exclude (for now) tools such as skopeo, umoci,
buildah, img, orca-build, kaniko, scratchbuild, etc. Leading us to
a from-scratch implementation .. or enter sloci-image.
sloci-image is a simple CLI for packing a rootfs into a single layer
OCI image. It can easily be extended, or ported to other language
implementations in the future. But it brings nearly no native
dependencies and is a pure/clean implementation of the image spec
that integrates nicely in an oe/bitbake environment.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
| |
This module is part of the perl package now and is shipped by default.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.
Changes in runc since
6635b4f0 merge branch 'cve-2019-5736'
0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
dd023c45 merge branch 'pr-1972'
Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating containerd to 1.2.4 (and switching to the release branch
for our git hash). The following commits are in this update:
e6b3f563 Merge pull request #3002 from estesp/prepare-1.2.4-release
5d1443dc Prepare v1.2.4 release
2095626c Merge pull request #3014 from thaJeztah/1.2_bump_cri
78286104 Merge pull request #3013 from thaJeztah/1.2_backport_windows_changes
3cbdf9e4 [release/1.2] update containerd/cri to da0c016c830b2ea97fd1d737c49a568a816bf964
dfa19e59 Windows:NewDirectIOFromFIFOSet
84a14ae0 Update runhcs options to include CRI Sandbox support
6a8198b0 Forward ctr.exe --debug as io.containerd.runhcs.v1 options
d40cc95f Implement io.containerd.runhcs.v1 shim log opts
30ca1c55 Add io.containerd.runhcs.v1 shim proto options
7908802c Fix Makefile to run protobuild on paths with spaces
583472f6 Merge pull request #2998 from thaJeztah/1.2_backport_bump_runc_cve_2019-5736
b4bf3e34 Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736)
74133fa4 Merge pull request #2995 from thaJeztah/1.2_backport_remove_normalize_image_ref
ed756ffd Use distribution's reference.ParseDockerRef
2fb38236 Bump github.com/docker/distribution to 0d3efadf0154c2b8a4e7b6621fff9809655cc580
7f5f1176 Merge pull request #2974 from ehazlett/release-v1.2.3
7216861d Update for 1.2.3 release
5de147d9 Merge pull request #2984 from Random-Liu/update-cri-release-1.2
f7ac34e3 Update cri plugin to c3cf754321fc38c6af5dfd2552fdde0ad192b31d.
0137339c Merge pull request #2977 from crosbymichael/io-panic
7daf0804 Fix potential containerd panic.
2fd20f11 Merge pull request #2972 from crosbymichael/exec-lock
5730c500 Add a separate lock for pid.
b9b7ef32 Revert "use state machine management for exec.Pid()"
dba2e5e5 Merge pull request #2965 from fuweid/remove-noop
9b6a318a metadata/gc: remove the noop-loop for snapshot reference
d86a73a4 Merge pull request #2946 from fuweid/platformruntime
dd29d5c3 Merge pull request #2947 from fuweid/pull-oct
a0b4da71 bugfix: support application/octet-stream during pull
b4d38c0f runtime: add Add/Delete method in PlatformRuntime interface
af900154 Merge pull request #2955 from Random-Liu/cherrypick-#2944-release-1.2
ab2cf013 Use context.Background for `O_NONBLOCK` `OpenFifo`.
fa60b5be Merge pull request #2953 from thaJeztah/1.2_backport_fix_xattr
2244a20c fix: SCHILY.xattrs should be SCHILY.xattr
8c9ede4f Merge pull request #2950 from crosbymichael/lint-release
bf3c932a [release 1.2] fix: linter issue
5c38d942 Merge pull request #2932 from AkihiroSuda/runc20190115-1.2
32f10c77 bump up runc
97548718 Merge pull request #2917 from dmcgowan/release-1.2.2
ef637041 Update for 1.2.2 release
4bb2b0c3 Merge pull request #2912 from Random-Liu/update-cri-release-1.2
f30fd023 Update cri to 0d5cabd006cb5319dc965046067b8432d9fa5ef8 (branch release/1.2).
46e63338 Merge pull request #2893 from thaJeztah/1.2_revert_temp_golang_fix
e71a191f Revert "Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)"
aa5e000c Merge pull request #2878 from andrewhsu/backport-1.2-fifo-timeout
31be8649 Merge pull request #2881 from thaJeztah/1.2_backport_fix_ci_golang_1.11
27c6449c Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)
18f57e20 Add timeout and cancel to shim fifo open
9b32062d Merge pull request #2852 from dmcgowan/prepare-1.2.1
51134077 Update version to 1.2.1
dcc47ddd Merge pull request #2861 from dmcgowan/cherrypick-1.2-2857
4c327b8e Update runc to 96ec2177ae841256168fcf76954f7177af
b65a1137 Merge pull request #2860 from Random-Liu/update-cri-release-1.2
18e453e4 Update release note.
586807a8 Update cri plugin to 0ca1e3c2b73b5c38e72f29bb76338d0078b23d6c.
4b284fa3 Merge pull request #2856 from Random-Liu/cherrypick-#2854-release-1.2
b413e843 Kill should still work in stopped state.
a06cddc2 Merge pull request #2845 from nnttmm/backport_2826
176a5621 Merge pull request #2842 from thaJeztah/1.2_backport_update_runc_1.0-rc6
8dc87dd8 Merge pull request #2847 from thaJeztah/1.2_backport_mask_asound
703786c5 Add /proc/asound to masked paths
c42c8952 use state machine management for exec.Pid()
93d5b4b0 Update runc to v1.0.0-rc6
de1f167a Merge pull request #2819 from dmcgowan/prepare-1.2.1-rc
27d72ba7 Update version
e3840cce Add 1.2.1 release notes
940c0c06 Merge pull request #2817 from Random-Liu/cherrypick-2811-release-1.2
4598ec21 Lock `KillAll`.
e429785c Merge pull request #2815 from thaJeztah/1.2_backport_shimlockwhenstdinclose
9be591e4 Merge pull request #2803 from crosbymichael/cherry-proc-lock
309973ed Merge pull request #2801 from crosbymichael/cherry-runc
e4c49d70 Update runc to 10d38b660a77168360df3522881e2dc2be
cd83a4e0 fix pipe in broken may cause shim lock forever for runtime v1
275f99fe fix pipe in broken may cause shim lock forever for runtime v2
39cd8634 Merge pull request #2795 from estesp/cherrypick-optimize-shim-lock
3afc3f14 Merge pull request #2796 from estesp/cherrypick-exit-ch-buffers
f9323ca9 Revert v2 dropped events
4c72befe Fix process locking and state management
14dc3078 Partially revert the event discard change in #2748.
417d6941 Increase reaper buffer size and non-blocking send
7ef5285b optimize shim lock in runtime v1
040e73fd Merge pull request #2792 from estesp/cherrypick-update-hcsshim-vendor
c4a256d3 Merge pull request #2790 from estesp/cherrypick-v1v2-runtime-fix
73758765 Temp: add appveyor enablement for release/1.2 branch
090e3e98 Revendor github.com/Microsoft/hcsshim
046b6c6d enhance: update v1/v2 runtime
7ff9f681 Merge pull request #2784 from Random-Liu/update-cri-release-1.2
54895c0b Update cri to 2bb57d27203d82fc79c496aea724aec593b2705a.
cd0ecb78 Merge pull request #2779 from thaJeztah/1.2_backport_ignore_modprobe_failures
c4acd17e Ignore modprobe failures in ExecStartPre (systemd unit)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
The only thing which docker uses /etc/docker for is a TLS key for
connecting with other TLS-enabled services. Make /etc/docker a symlink
to the existing docker volatiles directory so that we can use docker on
a read-only rootfs.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
|
| |
refreshing the containerd support to 1.2.x. We have to tweak the package
linking and update the go compile patch, but otherwise, the build is
unchanged.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
| |
Bumping to the next cri-o release branch
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
| |
This recipe does not build for mips, so set COMPATIBLE_HOST to avoid that.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
|
| |
This change reduces the length of ${PV} for several recipes and gives us
auto-incrementing version numbers.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
| |
If we're building runc-opencontainers it's likely that we're not using
docker.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Minor updates and fixes. Improved ptest results per below.
root@cube-essential:/usr/lib64/lxc/ptest# ./run-ptest
### Starting LXC ptest ###
FAIL: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-attach
PASS: lxc-test-automount
PASS: lxc-test-autostart
PASS: lxc-test-basic
PASS: lxc-test-cgpath
PASS: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
PASS: lxc-test-config-jump-table
PASS: lxc-test-console
PASS: lxc-test-console-log
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
PASS: lxc-test-createtest
PASS: lxc-test-criu-check-feature
PASS: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-mount-injection
PASS: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
PASS: lxc-test-rootfs
PASS: lxc-test-saveconfig
PASS: lxc-test-share-ns
PASS: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
PASS: lxc-test-snapshot
PASS: lxc-test-startone
SKIPPED: lxc-test-state-server
PASS: lxc-test-utils
Results:
PASSED = 35
FAILED = 1
SKIPPED = 3
(for details check individual test log in ./logs directory)
### LXC ptest complete ###
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A very small # of new commits. Most are minor bug fixes, no feature
work. I looked at adding ptests but the tests are mostly in an
unusable state at the moment, for example several require cgm despite
cgmanager being deprecated. So I have opted to continue without them
and only when we can work with upstream to improve their testing can
we seriously consider adding them.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When CRIU is called for a first time and the /run/criu.kdat file does
not exists, the following warning is shown:
Warn (criu/kerndat.c:847): Can't load /run/criu.kdat
This patch is replacing this warning with a more appropriate debug
message.
File /run/criu.kdat does not exist
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to the just released v3.0.3. This release is a collection of
minor changes, bug fixes, logging updates, documentation cleanup, code
cleanup and some new tests.
We have an improved outlook as far as ptests is concerned as well:
### Starting LXC ptest ###
FAIL: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-basic
PASS: lxc-test-cgpath
PASS: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
PASS: lxc-test-config-jump-table
PASS: lxc-test-console
PASS: lxc-test-console-log
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
PASS: lxc-test-createtest
PASS: lxc-test-criu-check-feature
PASS: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
PASS: lxc-test-rootfs
PASS: lxc-test-saveconfig
PASS: lxc-test-share-ns
PASS: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
PASS: lxc-test-snapshot
PASS: lxc-test-startone
SKIPPED: lxc-test-state-server
PASS: lxc-test-utils
Results:
PASSED = 32
FAILED = 3
SKIPPED = 3
(for details check individual test log in ./logs directory)
### LXC ptest complete ###
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
|
|
|
|
|
|
|
|
|
| |
Fix numerous docker.init issues such as missing runtime dependency
util-linux-unshare, incomplete handling of start/stop etc. operations
and minor typos.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
| |
docker/k8s and other components have been refreshed to the 18.09 release
tags. So we update runc to keep in sync.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Infrastructure changes triggered updated to supporting parts of the
docker stack, so to make sure that everything stays in sync we update
to the 18.09 release.
There were some minor build differences in this update, but in the
end, things are better since we can use some more of the Make infrastructure
versus calling 'go build' directly.
Also, docker-ce and docker are now virtually the same, except for the
moby based docker pulling in the cli and libnetwork repos independently.
There should be virtually no difference between the results, but we still
keep the two variants for flexibility.
We also drop the unused/legacy 'hi.Dockerfile'.
Tested with both kubernetes and docker unit tests.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
Since kubernetes is now on 1.12, we need to sync our cri-o release
to match.
There are some build changes to the utilities, and a patch refresh,
but otherwise, this is very similar to the exiting build of cri-o.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
We aren't running any ptests for cri-o (it is hard to test in
isolation), and the update to go 1.11 has broken the build in the
ptest phase.
For now, we remove the task to get the build running again.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
| |
The update to go 1.11 exposed some issues with the cross compilation of
kubernetes. The best way to fix those issues is to uprev to 1.12 and to
inhibit the building of the test modules (which query the host for
infrastructure that is not present).
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refresh patch to avoid fuzz warnings
* Update to 3.0.2 as lxc-destroy failed when
system boot in nfs rootfs in lxc 3.0.1 as below:
# lxc-destroy -n test9
lxc-destroy: test9: utils.c: _recursive_rmdir: 149 Failed to delete /var/lib/lxc/test9
lxc-destroy: test9: lxccontainer.c: container_destroy: 2946 Failed to destroy directory "/var/lib/lxc/test9" for "test9"
Destroying test9 failed
Update to 3.0.2 to fix the above issue
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ptest puts the test status at the beginning of the test. Follow
the style.
BEGIN: /usr/lib/lxc/ptest
### Starting LXC ptest ###
SKIPPED: lxc-test-apparmor
FAIL: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-cgpath
PASS: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
FAIL: lxc-test-console
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
FAIL: lxc-test-createtest
FAIL: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-reboot
PASS: lxc-test-saveconfig
SKIPPED: lxc-test-shutdowntest
PASS: lxc-test-snapshot
PASS: lxc-test-startone
PASS: lxc-test-utils
Results:
PASSED = 19
FAILED = 5
SKIPPED = 2
(for details check individual test log in ./logs directory)
### LXC ptest complete ###
END: /usr/lib/lxc/ptest
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
oci-image-tools-0.2.0-dev+gitAUTOINC+4abe1a166f-r0 do_package_qa:
QA Issue: ELF binary 'work/aarch64-poky-linux/oci-image-tools/
0.2.0-dev+gitAUTOINC+4abe1a166f-r0/packages-split/oci-image-tools/
usr/sbin/oci-image-tool' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-oci-image-tools = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-oci-image-tools = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
WARNING: docker-18.03.0+git708b068d3095c6a6be939eb2da78c921d2e945e2-r0
do_package_qa: QA Issue: ELF binary 'work/aarch64-poky-linux/docker/
18.03.0+git708b068d3095c6a6be939eb2da78c921d2e945e2-r0/packages-split/
docker/usr/bin/docker' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-docker = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-docker = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: ELF binary
'work/aarch64-poky-linux/docker-distribution/v2.6.2-r0/packages-split/
docker-registry/usr/sbin/registry' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-docker-distribution = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-docker-distribution = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when bitbake lib32-docker-distribution, we might met below
warning:
lib32-docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: No GNU_HASH
in the elf binary: 'work/core2-32-wrsmllib32-linux/lib32-docker-distribution
/v2.6.2-r0/packages-split/lib32-docker-registry/usr/sbin/registry' [ldflags]
which caused by "INSANE_SKIP_docker-registry += "ldflags already-stripped"
don't cover case for multilib, so add multilib prefix MLPREFIX
to fix it.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
oci-runtime-tools-0.1.0+gitAUTOINC+6e7da8148f-r0 do_package_qa: QA Issue:
ELF binary 'work/aarch64-poky-linux/oci-runtime-tools/0.1.0+gitAUTOINC+6e7
da8148f-r0/packages-split/oci-runtime-tools/usr/sbin/oci-runtime-tool'
has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-oci-runtime-tools = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-oci-runtime-tools = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This recipe was originally written and included in meta-overc as it
was used by the overc framework so we implemented it there to sort out
the kinks. Since this package is not specific to the OverC framework
and people may be interested in including it in their images without
having any interest in the OverC framework we are moving this recipe
here, alongside lxc and other container related recipes.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
| |
containerd does not support mips since it depends on boltdb which does not
support mips.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When runing:
lxc-create -t download -n test
The system reports that the getopt command can't find. This is because
the lxc-download template depends on getopt command. So add the runtime
depends on util-linux-getopt for lxc.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A fairly straightforward uprev requiring minimal patch refreshing
since a few hunks were failing due to conflicts with upstream updates.
Unfortunately upstream starting using the now overloaded "PYTHON"
variable in their Makefiles, this is not the path to the python
executable but rather the name 'python2' or 'python3' which is used to
determine which local directories to include. Due to this we must
explicitly assign values to 'PYTHON_FULL' and 'PYTHON'. We use
'python2' since we are using 'setuptools' and therefore are explicitly
using python v2, at some point we might want to make this recipe work
with either python v2 or v3 but for now we continue to explicitly use
v2.
Instead of using version specific filename we switch to using _git.bb
which is inline with similar 'git' recipes found in oe-core and other
repos.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
| |
We use the systemd service file from within the docker git
repo. Removing the unused recipe space version, since it is
invalid and causes confusion.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this, our go build will throw the following QA error during the
build:
ERROR: kubernetes-1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubern
etes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/apiextensions-apiserver'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/deepcopy-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/defaulter-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/genswaggertypedocs'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin
/linkcheck'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/openapi-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/genyaml'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/conversion-gen'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/gendocs'
No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/ginkgo' [ldflags]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
| |
* Keep variables close to the function they are used in, so R(untime)DEPENDS goes below do_install, PV next to SRCREV, etc.
* Don't use =+ as multiline seperator, it's a *very* heavy bitbake operation.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
| |
A previous commit changed do_installed to install everything, not just
kube*, adjust PACKAGES to keep ${PN} empty as it was before.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compile host tools such as deepcopy-gen, defaulter-gen, openapi-gen
for host architecture, to solve below error:
-- snip --
| +++ [0117 05:31:35] Building go targets for linux/arm64:
| ./vendor/k8s.io/code-generator/cmd/deepcopy-gen
| touch: cannot touch '_output/bin/deepcopy-gen': No such file or directory
| make[1]: *** [Makefile.generated_files:323: _output/bin/deepcopy-gen] Error 1
| make: *** [Makefile:478: generated_files] Error 2
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'make all' uses 'uname' to select the build target, leading to compile failures like this:
| arm-angstrom-linux-gnueabi-gcc: error: unrecognized command line option '-m64'
After providing the proper arch to the makefile it will try to use a hardcoded compiler:
| # runtime/cgo
| exec: "arm-linux-gnueabihf-gcc": executable file not found in $PATH
Fix that up by removing all hardcoded 'CC' entries in golang.sh
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Upgrade criu from 3.4 to 3.9.
2) Delete fix-building-on-newest-glibc-and-kernel.patch for it has been merged in upstream.
3) Add CFLAGS_arm += "-D__WORDSIZE"
add this CFLAGS to solve the compile problem for arm.
The log is as following:
| ....../tmp/work/armv5e-poky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/bits/wordsize.h:36:2: error: #error "__WORDSIZE is not defined"
| #error "__WORDSIZE is not defined"
| ^
| ....../tmp/work/armv5e-poky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/bits/wordsize.h:59:2: error: #
4) Add export C_INCLUDE_PATH="${STAGING_INCDIR}/libnl3"
add C_INCLUDE_PATH to solve the compile problem for arm.
which is libnetlink.c can't find head file.
| In file included from criu/libnetlink.c:5:
| ....../tmp/work/armv5e-p
| oky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/libnl3/netlink/attr.h:15:10: fatal error: netlink/netlink.h: No such file or directory #include <netlink/netlink.h>
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
Updating to the 1.11 kubernetes release. This includes the standard
set of features, updates and bug fixes.
One build element of note is 1.11+ requires go 1.10.2+, so the following
must be set in your configuration: GOVERSION = "1.10%"
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
| |
tini is licensed under the MIT license instead of Apache-2.0.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
- Bug fix release
- Fixes gcc8 build failures
- Update patch for fuzz issues.
- remove --disable-python and --disable-lua as they have been removed
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tests are already built when we do_compile so we only need to copy
them to the ptest path and create a wrapper script to run them. This
has the added benefit of reducing the size of the lxc package.
We have to manipulate the test sources some to remove gpg validation
and a few other minor changes, none of which actually change what is
being tested (notes are provided in the associated commit logs).
The following are the ptest results currently acheived:
### Starting LXC ptest ###
./tests/lxc-test-api-reboot FAIL
./tests/lxc-test-apparmor SKIPPED
./tests/lxc-test-attach PASS
./tests/lxc-test-automount PASS
./tests/lxc-test-autostart PASS
./tests/lxc-test-cgpath PASS
./tests/lxc-test-cloneconfig PASS
./tests/lxc-test-clonetest PASS
./tests/lxc-test-concurrent PASS
./tests/lxc-test-config-jump-table PASS
./tests/lxc-test-console PASS
./tests/lxc-test-console-log PASS
./tests/lxc-test-containertests PASS
./tests/lxc-test-createconfig PASS
./tests/lxc-test-createtest PASS
./tests/lxc-test-criu-check-feature PASS
./tests/lxc-test-destroytest PASS
./tests/lxc-test-device-add-remove PASS
./tests/lxc-test-get_item PASS
./tests/lxc-test-getkeys PASS
./tests/lxc-test-list PASS
./tests/lxc-test-locktests PASS
./tests/lxc-test-lxcpath PASS
./tests/lxc-test-may-control PASS
./tests/lxc-test-no-new-privs PASS
./tests/lxc-test-parse-config-file PASS
./tests/lxc-test-raw-clone PASS
./tests/lxc-test-reboot PASS
./tests/lxc-test-rootfs PASS
./tests/lxc-test-saveconfig PASS
./tests/lxc-test-share-ns PASS
./tests/lxc-test-shortlived PASS
./tests/lxc-test-shutdowntest SKIPPED
./tests/lxc-test-snapshot PASS
./tests/lxc-test-startone PASS
./tests/lxc-test-state-server SKIPPED
./tests/lxc-test-utils PASS
Results:
PASSED = 33
FAILED = 1
SKIPPED = 3
(for details check individual test log in ./logs directory)
### LXC ptest complete ###
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
We have a new dependency on 'mountpoint' which is now called in the
download template script. We also hit an upstream bug due to improper
use of 'mktemp', so we apply a patch to fix this and sent the fix
upstream as well.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to the latest lxc release. This requires some minor patch
updates (fuzz and offset, not content) along with dropping a no longer
needed fix for gcc7 (gcc 7.3 is everywhere and is patched).
The ptests were already busted before the uprev so I was not able to
run them but I will follow up with a fix for this. I did run against
our usual usecases 'lxc-create', 'lxc-console', 'lxc-ls',
'lxc-destroy', 'lxc-start', 'lxc-execute', 'lxc-attach'... and there
were no issues (outcomes matched v2.0.8).
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
This removes the warning that docker can't find docker-init
in PATH.
This recipe is based on the recipe from meta-resin.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|